New worm spread via USB flash drives

Experts have warned users of a new type of worm that propagates itself via USB flash memory devices.

The SillyFD-AA worm searches for removable drives on a computer and then makes copies of itself on these devices. It then creates a hidden file called "autorun.inf", which runs the worm the next time the flash drive is plugged into a Windows computer. It also changes the title of Internet Explorer windows to append the phrase "Hacked by 1BYTE".

Graham Cluley, senior technology consultant at anti-virus firm Sophos, said that USB drives are increasingly being given away at trade shows and in direct mailshots as they are now so cheap.

"Marketing people are prepared to use them as 'throwaways' with the aim of securing sales leads," he said. "Computer owners should tread very carefully when plugging an unknown device into their PC, however, as it could have malicious code planted on it."

He said that with a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals "bent on targeting a specific business with their malicious code."

He said that hackers are now looking for less defended entry points into organisations' infrastructure and USB devices offered a way in.

"In this example, changing the title of the Internet Explorer browser's windows should be a pretty clear sign to most people that something strange is afoot," said Cluley. "It also indicates that this particular variant of the worm has not been written with completely clandestine intentions. A more savvy internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue."

He said that users should consider disabling the autorun facility of Windows so removable devices such as USB keys and CD-ROMs do not automatically launch when they are attached to a PC.
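A defender's triage for the autorun.inf mechanism described above, as an added example (not from the article or from Sophos): it reads the autorun.inf at a drive root and lists the programs that file would launch. The function names, the sample file contents and payload.exe are constructed for illustration.

```python
import stat
import tempfile
from pathlib import Path

# [autorun] keys that tell Windows which program to launch from the drive.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: command} for the launch entries of an autorun.inf body."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                entries[key] = value
    return entries

def launch_target(command):
    """Extract the program path from a command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def scan_drive(root):
    """Report every launch entry in <root>/autorun.inf (name matched case-insensitively)."""
    root, findings = Path(root), []
    for inf in (p for p in root.iterdir() if p.name.lower() == "autorun.inf" and p.is_file()):
        data = inf.read_bytes()
        text = data.decode("utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")
        # st_file_attributes exists only on Windows; elsewhere hidden is reported False.
        hidden = bool(getattr(inf.stat(), "st_file_attributes", 0) & stat.FILE_ATTRIBUTE_HIDDEN)
        for key, command in parse_autorun(text).items():
            target = launch_target(command).replace("\\", "/")
            findings.append({"key": key, "target": target, "hidden_inf": hidden,
                             "on_drive": (root / target).is_file()})
    return findings

def demo():
    """Constructed sample: a fake drive root holding an autorun.inf and a dummy payload."""
    with tempfile.TemporaryDirectory() as drive:
        Path(drive, "payload.exe").write_bytes(b"not a real executable")
        Path(drive, "AutoRun.inf").write_text(
            "; junk\n[AutoRun]\nopen=payload.exe\nshell\\open\\command=\"tools\\x.exe\" /s\nicon=a.ico\n")
        return scan_drive(drive)
```

Point `scan_drive` at the mounted root of a removable drive; a hidden autorun.inf whose target sits on the same drive is the pattern the article describes.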

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.